﻿using System;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

namespace TP_02.Models
{

    public class User
    {
        [Key]
        public int Id { get; set; }
        [Required]
        [DisplayName("Name")]
        public string FullName { get; set; }
        [Required]
        [DisplayName("Email")]
        public string Email { get; set; }
        [Required]
        [DisplayName("Password")]
        [DataType(DataType.Password)]
        public string Password { get; set; }
        [Required]
        [DisplayName("Re-enter Password")]
        [DataType(DataType.Password)]
        public string PasswordRepeated { get; set; } /* cette propriété ne sera pas sauvegardée! */

        public bool SaveAsNew()
        {
            string cN = ConfigurationManager.ConnectionStrings["TP_02"].ConnectionString;

            using (var cnx = new SqlConnection(cN))
            {
                string requete = "INSERT INTO [User] (FullName, Email, Password)";
                requete += " VALUES (@FullName, @Email, @Password);";

                var cmd = new SqlCommand(requete, cnx) { CommandType = CommandType.Text };
                cmd.Parameters.Add("FullName", SqlDbType.NVarChar);
                cmd.Parameters.Add("Email", SqlDbType.NVarChar);
                cmd.Parameters.Add("Password", SqlDbType.NVarChar);
                cmd.Parameters["FullName"].SqlValue = FullName;
                cmd.Parameters["Email"].SqlValue = Email;
                string password = Password;
                byte[] encodedPassword = new UTF8Encoding().GetBytes(password);
                byte[] hash = ((HashAlgorithm)CryptoConfig.CreateFromName("MD5")).ComputeHash(encodedPassword);
                string encoded = BitConverter.ToString(hash);
                cmd.Parameters["Password"].SqlValue = encoded;
                cnx.Open();
                cmd.ExecuteNonQuery();
                cnx.Close();
                return true;
            }
        }

        public static bool IsValid(string username, string passwordSentToForm)
        {
            string cStr = ConfigurationManager.ConnectionStrings["TP_02"].ConnectionString;
            using (var cnx = new SqlConnection(cStr))
            {
                const string requete = "SELECT * FROM [User] WHERE email = @email";
                var cmd = new SqlCommand(requete, cnx) {CommandType = CommandType.Text};
                cmd.Parameters.Add("Email", SqlDbType.NVarChar);
                cmd.Parameters["Email"].SqlValue = username;
                try
                {
                    cnx.Open();
                    SqlDataReader dataReader = cmd.ExecuteReader();
                    if (!dataReader.HasRows)
                    {
                        dataReader.Close();
                        return false;
                    }
                    dataReader.Read();
                    var encodedPasswordOnServer = (string)dataReader["Password"];
                    string password = passwordSentToForm;
                    byte[] encodedPassword = new UTF8Encoding().GetBytes(password);
                    byte[] hash =
                    ((HashAlgorithm)CryptoConfig.CreateFromName("MD5")).ComputeHash(encodedPassword);
                    string encodedPasswordSentToForm = BitConverter.ToString(hash);
                    dataReader.Close();
                    return encodedPasswordSentToForm == encodedPasswordOnServer;
                }
                finally
                {
                    cnx.Close();
                }
            }
        }
    }
}
